REMARKS 

This is responsive to the Office Action dated April 29, 2005 in which the Examiner rejects all 
the pending claims as being obvious over combinations of Geiger et al (US Patent No. 6,073,142), 
Scannel et al (US Patent No. 5,377,354), Sandhu ("Transaction Control Expressions for Separation of 
Duties" or "Lattice-Based Access Control Models") and Hudson et al (US Patent No. 6,055,637) 
under 35USC § 103(a). Applicant has amended independent claim 8 to more clearly define the 
invention, and respectfully traverses the rejections. 

The present invention teaches a novel technique in implementing security policy rule that 
precludes an action upon an occurrence of a condition. In particular, as taught by the present invention, 
the rule, which is for precluding the action upon the occurrence of the condition, is loaded to the 
management software upon the occurrence of the first action , as recited expressly or in similar 
language in all independent claims 1, 8 and 10. With the teaching of the present invention, when an 
action is attempted, the rule simply precludes the action without a need to test whether the condition 
exists since the loading of the rule into the software is triggered by the occurrence of the condition. As 
explained in the Specification, this brings significant efficiencies as compared to the prior art where 
the rule is preloaded in the management soflAvare before the occurrence of the condition, and thus the 
management software has to test whether the condition exists each time the action is attempted (see 
e.g., page 2, lines 5-7). 

Applicant respectfiilly submits that the above underlined distinguishing feature is not obvious 
over the combinations of the cited references under 35USC § 103(a) as asserted by the Examiner, as 
explained in detail below. 

Rejections to independent claims 1 and 8: 
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Independent claims 1 and 8 are rejected by the Examiner over a combination of Geiger et al 
(US Patent No. 6,073,142), Sandhu ("Transaction Control Expressions for Separation of Duties", 
hereinafter referred to as "Sundhu A") and Hudson et al (US Patent No. 6,055,637) under 35 USC 
§ 103(a). Applicant respectfully traverses the rejections, as explained below. 

Geiger et al (US Patent No. 6,073,142) discloses an email processing system in which the 
business communication policies can be automatically applied to control the distribution of the email 
messages. However, as admitted by the Examiner, Geiger does not disclose either that the rules 
(pnlides) are for precluding an action or that the niles are loaded into the data access management 
software upon an occurrence of a condition . Therefore, Applicant respectfially submits that Geiger is 
somewhat remote from the present invention as far as the above underlined distinguishing features in 
the independent claims 1 and 2 are concerned. 

Sandhu A discloses a notation and model based on transaction control expressions for 
specifying and enforcing separation of duties. More specifically, each user is assigned with a duty and 
prohibited from other duties. A specific user is always allowed to take an action (e.g., preparing the 
check), and is always precluded from taking other actions (e.g., approving a check, issuing a check, 
etc.). Therefore, the rule in Sandhu A is not a conditional rule. More specifically, it is NOT for 
precluding the user from specified actions (e.g., approving the check, issuing a check, etc.) upon an 
occurrence of a condition^ as required in claims 1 and 2 , For example, the user is always precluded 
from issuing or preparing the check even though he or she has not prepared the check. 

Therefore, neither Geiger nor Sandhu teaches how to implement a conditional nile that 
precludes an action upon an occurrence of a condition This deficiency cannot be remedied by Hudson 
et al (US Patent No. 6,055,637), because Hudson does not discuss about a rule that precludes an action 
upon an occurrence of a condition either. Hudson discloses a resource access control system to permit 
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a user to get access to a resource each time that the user logs on. In particular, a temporary credential 
token is generated correlative to the assigned role of the user as the user logs on for accessing the 
resource. Therefore, the token represents a rule for permitting an action (i.e., accessing to the 
resource), but NOT for precluding the action. 

Therefore, Applicant respectfully submits that independent claims 1 and 8 are not obvious 
over a combination of Geiger, Sandhu A and Hudson since none of them discloseses a rule for 
prerliiding an action upon occurrence nf a condition ^ as required in claims 1 and 2. Moreover, 
Applicant believes that claims 1 and 8 are also not obvious even Sandhu ("Lattice-Based Access 
Control Models", herein after referred to as "Sandhu B") is taken into consideration, either, for the 
similar reason as explained below in regard to independent claim 10 which is rejected by the 
Examiner based on such a combination. 

Rejection to independent claim 1 0: 

Independent claim 10 is rejected as being obvious over a combination of Geiger, Sandhu B 
("Lattice-Based Access Control Models") and Hudson under 35USC § 1 03(a). Applicant respectfully 
traverses the rejection, as explained below. 

As admitted by the Examiner, Geiger does not disclose that the rules (policies) are for 
prohihiting a party from accessing specified information or that the rules are included into the data 
access management software upon an occurrence of a condition ^ which is recited in claim 10 in 
similar languages. 

Sandhu B discloses a "Chinese Wall policy" in which a user will be precluded from accessing 
to bank B's information after the user has accessed to bank A's information (see page 17, cols. 2 -3). 
However, as admitted by the Examiner, Sandhu B does not teach to upload or include the rule, which 
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is for prnhihiting the arress; of th e s p ecified informRtiOTi . into the TTianngeme nt software llDOn 
oeciirrenee of a condition as required by independent claim 10 either. 

Applicant respectfully submits that the above deficiency cannot be remedied by Hudson, as 
asserted by the Examiner. In particular, Applicant respectfully submits that no proper motivation or 
suggestion can be found in any of these references for such a combination so as to conclude the above 
distinguishing feature of indiiding a r u l e th?^t prohibits the access to the information into the 
m?inagement software upon occurrence of 3 condition. Moreover, applicant respectfully disagrees 
with the Examiner's statements that the above references can be combined to conclude the 
above-underlined distinguishing feature because of the motivation of maintaining the integrity of the 
security system given in Hudson (see Office Action, page 4), as explained in detail below. 

Hudson's patent is directed to maintain the integrity of the security system, which will be 
otherwise compromised if a user can get access to the same resource by the identifier and password 
even if his or her role has changed (see col. 1, lines 42-48). However, the feature of the present 
invention that a rule prohibiting the access to s pecified information is included in the management 
sofhvare npon occnrrence of a condition cannot be concluded from this motivation of Hudson to 
maintain the integrity of the security system, as asserted by the Examiner. More specifically, Hudson 
is directed to solve an integrity problem that may happen in implementing security policies that 
preclude an action (accessing to the resources) by default, but permit the action only upon occurrence 
of a condition (user's logging on). This is very different fi-om the situation in the present invention in 
which the security policies permit an action hy default^ hut pre clude the action only upon occurrence 
of a condition . In particular, in Hudson the token (rule for permitting an action) is generated after the 
user logs on to avoid integrity problem, i.e., to prevent the user from unauthorized accessing to the 
resource. However, in the situation of the present invention in which the rule is for precluding or 
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prohibiting an action upon occurrence of a condition, the rule can either be included in the 
management software before the occurrence of the condition (such as in the prior art discussed in the 
Specification of the instant application), or be included in the software after the occurrence of the 
condition as taught by the present invention. Flaring i\ nile^ which precludes an action upon 
nrciirrence of a cnnditionj into the manngement <;nftwarft after the nccn rrence of the condition does 
not solve the integrity problem addressed by Hudson, but is able to avoid testing the occurrence of the 
condition and therefore to improve efficiencies, as suggested in the instant application (see, e.g., page 
2 , lines 5-7). This motivation can only be found in the present invention, and cannot be found in either 
Hudson or any other cited patents. 

Therefore, Applicant respectfiilly submits the motivation of "maintaining the integrity" 
suggested in Hudson does not suggest that the feature of "generating the token (rule) upon user's 
logging on" disclosed in Hudson be applied to "the rule for precluding access to specified information 
upon occurrence of an action" as disclosed in Sandhu B so as to conclude the distinguishing feature of 
the present invention that the rule, which is for pr ohihiting the access to specified information upon an 
occurrence of a conditinn^ is included in the management software upon t he occurrence of the 
condition ^ as required in independent claim 10. Therefore, claim 10 is believed non-obvious over the 
cited references under 35USC § 103(a) and is patenble. 

For the similar reasons. Applicant believes that independent claims 1 and 8 are also 
non-obvious over the cited patents 35USC § 103(a), and are therefore also patentable. 

At least for the same reasons, all other pending claims are also believed patentable since each 
of them is dependent to, and therefore includes all the limitations in, one of independent claims 1, 8 
and 10. 

Applicant therefore respectfiilly requests reconsideration and allowance in view of the above 
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remarks and amendments. The Examiner is authorized to deduct additional fees believed due from 



our Deposit Account No. 11 -0223. 

Respectfully submitted, 

KAPLAN OILMAN GIBSON DERNIER, L.L.P. 
900 Route 9 North, Suite 104 
Woodbridge, New Jersey 07095 
Telephone (732) 634-7634 



Dated: July 29, 2005 
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I hereby certify that this correspondence is being deposited with the United States Postal service as first class mail, in 
a postage prepaid envelope, addressed to the Mail Stop Amendment, Commissioner for Patents, P. O. Box 1450, 
Alexandria, VA 22313-1450 on Inly 79, 7005. 



Dated July 29, 2005 Signed 
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F:\Clients\Teleran Technologies, Inc.-125\125-7\Response to OA of04-29-05.doc 



12 



